What is my IP address?

Your IP address is the unique number your internet provider assigns to your connection. whatsmy.fyi shows your public IPv4 and IPv6 addresses instantly, along with your location and ISP.

Does this site store my IP address?

No. whatsmy.fyi processes your IP address only to display it to you. Nothing is stored, logged, or shared. Zero logs.

What is a WebRTC leak?

A WebRTC leak happens when your browser reveals your real IP address through the WebRTC protocol, even when you are using a VPN. whatsmy.fyi tests for this automatically.

What Is Audio Fingerprinting? How AudioContext Tracks Your Browser

Audio fingerprinting is a browser tracking technique that uses the Web Audio API to render a silent signal in memory and measure the tiny floating-point differences in the output — differences that are unique to your hardware and software stack. No sound is played, no microphone is accessed, and no permissions are ever requested. You can check your browser fingerprint, including audio signals, right now on whatsmy.fyi.

TL;DR

Audio fingerprinting creates a tiny audio rendering task entirely inside your browser's memory, then reads back the numerical result. Because every combination of CPU, operating system audio stack, and browser engine processes floating-point math slightly differently, the result is a stable number that uniquely identifies your device — surviving incognito mode, cookie clearing, and even browser switching on Chromium-based browsers.

What Is Audio Fingerprinting?

Audio fingerprinting exploits the OfflineAudioContext — a browser API originally designed for rendering audio faster-than-realtime for processing, mixing, and export. Fingerprinting scripts repurpose it to render a mathematically defined waveform with no output device, then measure how the platform's floating-point arithmetic handled the computation. The result is a single number — something like 124.0434488 on one machine or 79.59 on another — that acts as a device identifier.

Unlike canvas fingerprinting, which probes your GPU's 2D rendering pipeline, audio fingerprinting probes your CPU's digital signal processing (DSP) pipeline. The two capture completely different layers of your hardware stack, making them complementary signals when deployed together. Commercial fingerprinting platforms such as Fingerprint.com routinely combine both signals alongside more than 100 others.

Audio fingerprinting is one of the harder-to-detect components of the broader browser fingerprinting ecosystem. Because it requires no storage, no cookies, no network requests, and no user interaction, it is entirely invisible in DevTools' Network panel and produces no warnings or permission prompts of any kind.

How Does Audio Fingerprinting Work?

The process runs in a background thread in under 50 milliseconds and follows four clear steps.

Step 1 — Create an OfflineAudioContext

The script instantiates an OfflineAudioContext with a fixed channel count, sample count, and sample rate — typically one channel, 5,000 samples at 44,100 Hz. "Offline" means it renders entirely in memory: no audio hardware is involved, no output device is required, and no sound is produced.

Step 2 — Generate a Waveform

An OscillatorNode is configured to produce a triangle wave at 10,000 Hz. This is a mathematically precise, repeating waveform — there is no randomness in the input. Any difference in the output therefore comes entirely from the platform's processing chain, not from the signal itself.

Step 3 — Apply DynamicsCompressor

The oscillator signal is routed through a DynamicsCompressorNode set to a specific threshold, knee, ratio, attack, and release. The compressor applies a non-linear gain curve — meaning the math involves division and exponentiation, not just addition. Non-linear operations compound floating-point rounding errors across platforms, which is precisely why the compressor is used: it amplifies the tiny differences between CPU architectures and audio stack implementations into a measurably stable value.

Step 4 — Read and Hash the Output

After rendering completes, buffer.getChannelData(0) returns a Float32Array of 5,000 values. The script typically sums the absolute values of samples 4,500–5,000 to produce a single float. That float — or a hash of the full array — becomes the audio fingerprint.

// AudioContext fingerprinting — minimal working example
async function getAudioFingerprint() {
  const AudioCtx =
    window.OfflineAudioContext || window.webkitOfflineAudioContext;

  // 1. Create in-memory context — no hardware, no permissions
  const ctx = new AudioCtx(1, 5000, 44100);

  // 2. Oscillator — triangle wave at 10 kHz (deterministic input)
  const osc = ctx.createOscillator();
  osc.type = 'triangle';
  osc.frequency.setValueAtTime(10000, ctx.currentTime);

  // 3. DynamicsCompressor — non-linear math amplifies platform differences
  const comp = ctx.createDynamicsCompressor();
  comp.threshold.setValueAtTime(-50, ctx.currentTime);
  comp.knee.setValueAtTime(40, ctx.currentTime);
  comp.ratio.setValueAtTime(12, ctx.currentTime);
  comp.attack.setValueAtTime(0, ctx.currentTime);
  comp.release.setValueAtTime(0.25, ctx.currentTime);

  osc.connect(comp);
  comp.connect(ctx.destination);
  osc.start(0);

  // 4. Render and read — runs off the main thread
  const buffer = await ctx.startRendering();
  const data = buffer.getChannelData(0);

  // Sum last 500 samples — result differs per device/OS/browser
  // Chrome macOS: ~101.46  |  Safari: ~79.59  |  Firefox: ~80.95
  return data.slice(4500).reduce((acc, v) => acc + Math.abs(v), 0);
}

Why Does Every Device Sound Different?

The variation is rooted in how each platform implements IEEE 754 floating-point arithmetic for audio processing. Three layers contribute:

CPU architecture and SIMD instructions: x86 processors use SSE2 or AVX2 vector instructions; ARM processors use NEON. The same multiplication produces a different least-significant bit depending on which instruction set is used. Thousands of such operations across a 5,000-sample render produce a measurably different sum.
OS audio stack and driver version: Chrome uses a different internal FFT implementation on macOS versus Windows and Linux. Android 9 and Android 10 produce measurably different values on the same physical device because an OS update changed the audio processing pipeline.
Browser engine divergence: Blink, WebKit, and Gecko all share roots in Google's 2011 WebKit codebase but have accumulated more than a decade of independent modifications to their audio processing code. Firefox returns a different value than Chrome on the same macOS hardware.

A notable property sets audio fingerprinting apart from canvas: on Blink-based browsers (Chrome, Edge, Opera, Brave), the same device returns the same audio fingerprint regardless of which Blink browser is used. This means a tracker can follow you across browsers — not just across tabs — on the same machine, something canvas fingerprinting cannot reliably do.

How Unique Is an Audio Fingerprint?

Audio fingerprinting is not the highest-entropy signal in isolation, but it excels at stability — and that stability is what makes it valuable in multi-signal fingerprinting systems.

Finding	Value	Source
Audio fingerprint entropy (isolation)	~4.8 bits	arXiv 2107.14201 (2021)
Canvas fingerprint entropy (for comparison)	~5.7 bits	EFF Cover Your Tracks
Sites among Alexa Top 100k using fingerprinting scripts	~10%	Academic measurement study, 2021
DynamicsCompressor method stability vs. FFT method	DC method more stable	arXiv 2107.14201 (2021)
Combined fingerprint accuracy (100+ signals including audio)	up to 99.6%	Fingerprint.com
Safari 17 noise injection protection bypassed by averaging samples	40,000 samples	Fingerprint.com bypass research, 2023

Audio fingerprinting's real strength is not entropy but persistence. It changes only when you upgrade your OS, update your browser engine, or change hardware. Canvas and WebGL fingerprints can shift with GPU driver updates; the audio fingerprint is anchored to a deeper, slower-changing layer of the stack. Commercial platforms use it as a stabilizing "anchor signal" that keeps a device identity consistent even when higher-entropy signals drift.

Who Uses Audio Fingerprinting in the Real World?

Fraud Detection Platforms

Fraud prevention is the dominant legitimate use case. Platforms such as Fingerprint.com, DataDome, ThreatMetrix, and Sift use audio fingerprinting as one of many signals to detect account takeovers, credential stuffing, and bot traffic. Bots running Puppeteer, Playwright, or Selenium without stealth patches often use virtualized audio stacks that return zero or anomalous values, making audio output a reliable bot-detection signal. When a legitimate user's device audio fingerprint suddenly mismatches the one on file, the system flags it as a risk event for review.

Cross-Site Advertising Networks

As third-party cookies were deprecated across major browsers, ad-tech companies accelerated investment in fingerprinting for identity resolution. Audio fingerprinting is attractive because it requires no storage on the device — meaning it technically falls outside the ePrivacy Directive's original Article 5(3) cookie language, though EU regulators now explicitly class it as requiring consent anyway. In February 2025, Google reversed its own internal ban on device fingerprinting for advertising, a move the UK Information Commissioner's Office publicly called "irresponsible."

Paywall Enforcement

Publishers use audio fingerprinting to identify users who clear cookies to bypass article limits. Because the fingerprint is computed from hardware rather than stored data, it persists through cookie deletion and private browsing sessions.

Is Audio Fingerprinting Legal?

The legal situation has tightened significantly since 2020. Under the GDPR, an audio fingerprint that can single out an individual constitutes personal data under Article 4, regardless of whether a name is attached. The ePrivacy Directive Article 5(3), as clarified by the EDPB's 2024 guidelines, now explicitly covers device fingerprinting — not just traditional cookies.

France's CNIL ruled in 2020 that canvas fingerprinting is "equivalent to a cookie" and fined a company for using it without consent. Belgian and Dutch DPAs have made equivalent rulings. For advertising use, consent is required across the EU. Fraud detection may qualify under Article 6(1)(f) legitimate interest — but only when strictly necessary, disclosed in the privacy policy, and not used for any secondary marketing purpose.

Under the US CCPA and CPRA, audio fingerprint data is "personal information" subject to disclosure and opt-out rights. The W3C Fingerprinting Guidance recognises audio as a fingerprinting vector and advises API designers to limit the precision of floating-point output in web specifications. Enforcement across jurisdictions remains inconsistent, but the regulatory direction is clear: consent is increasingly required.

How to Protect Yourself from Audio Fingerprinting

Protections are ranked from most complete to most practical for everyday use.

Tor Browser (strongest): Tor disables the Web Audio API entirely (dom.webaudio.enabled = false). There is nothing to fingerprint. The trade-off is that any site legitimately using Web Audio — music apps, interactive media, games — will break.
Brave Browser — Farbling (best daily-use balance): Brave's Farbling multiplies audio buffer values by a tiny random factor derived from a per-session, per-site seed. The perturbation is consistent within a session so audio playback works normally, but it changes between sessions and differs between sites — making cross-site and cross-session tracking unreliable. Brave Strict Mode goes further and replaces the waveform with pseudo-random noise.
Firefox privacy.resistFingerprinting: Enabling this flag in about:config makes Firefox return uniform audio values shared by all users with the same flag, aiming for uniformity over randomisation. It is not enabled by default and can cause website compatibility issues.
Safari 17+ Private Browsing: Safari injects small noise (magnitude 0.001) into audio buffer values. This is the weakest protection — Fingerprint.com demonstrated a bypass by averaging 40,000 rendered samples, which cancels the noise and recovers the true underlying fingerprint value.
uBlock Origin with strict filter lists: Blocks many fingerprinting scripts at the network level before they can run. Does not modify the API itself — effective only against known script URLs.
Standard private/incognito mode — no protection: Chrome, Firefox, and Edge in incognito mode return identical audio fingerprints to normal mode. Incognito prevents storage, not computation. Check your other exposed signals on whatsmy.fyi.

Frequently Asked Questions

Does audio fingerprinting use my microphone?

No. Audio fingerprinting uses the OfflineAudioContext API, which renders audio entirely in memory without accessing any input device. It requires no permissions, produces no sound, and appears nowhere in browser permission prompts or indicators. The Web Audio API is a separate specification from the Media Capture API (getUserMedia) that controls microphone access.

Does it work in incognito or private browsing mode?

Yes, completely. Incognito mode prevents your browser from saving browsing history, cookies, and local data to disk — but the audio fingerprint is computed from hardware and software characteristics, not from stored data. Your CPU and OS audio stack behave identically in incognito mode. Only browsers with active audio API randomisation, such as Brave or Tor Browser, behave differently.

How is audio fingerprinting different from canvas fingerprinting?

Canvas fingerprinting probes your GPU's 2D rendering pipeline — differences in your graphics card, driver, and font renderer produce a unique pixel hash. Audio fingerprinting probes your CPU's DSP pipeline — differences in floating-point arithmetic across CPU architectures and audio stacks produce a unique float. They target completely different hardware layers and are almost always used together. Crucially, audio fingerprinting is more cross-browser stable on the same device: Chrome and Edge on the same machine return the same audio fingerprint, while they can return different canvas fingerprints. See the canvas fingerprinting guide for a deeper look at the GPU-side equivalent.

Can a VPN protect against audio fingerprinting?

No. A VPN changes your IP address and encrypts your traffic, but it has no effect on how your browser processes floating-point audio math. The audio fingerprint is derived entirely from your local hardware and software — it is the same regardless of which server your requests route through. Use Brave Browser or Firefox with privacy.resistFingerprinting for audio fingerprint protection. You can check whether your VPN is actually masking your IP on whatsmy.fyi.

Is audio fingerprinting more or less accurate than WebGL fingerprinting?

WebGL fingerprinting produces higher entropy — it can expose your exact GPU model, driver version, and supported extension list, allowing it to distinguish even two machines with identical hardware configurations. Audio fingerprinting produces lower entropy (~4.8 bits vs. WebGL's higher values) but excels at stability across browser updates. In practice, commercial systems combine both: WebGL for initial high-resolution identification, audio as the stable anchor that prevents the fingerprint from degrading over time. Read the WebGL fingerprinting guide to see how the GPU side works.

Why does the DynamicsCompressor make audio fingerprinting more effective?

The DynamicsCompressorNode applies a non-linear gain curve — the math involves exponentials and divisions, not just addition. Non-linear operations compound floating-point rounding errors across thousands of samples far more than linear operations do. A tiny platform-specific difference in one intermediate multiplication cascades through the compressor's processing chain into a measurably stable and discriminating final value. Without the compressor, simple oscillator output would produce far less platform variation, making the fingerprint less useful for identification.

Can websites use audio fingerprinting without telling me?

Technically, yes — the API requires no permission prompts, leaves no trace in the Network tab, and runs silently in a background thread. Legally, under the GDPR and ePrivacy Directive (in the EU), using audio fingerprinting for advertising without prior informed consent is illegal. For fraud detection, a legitimate interest basis may apply with disclosure in the privacy policy. In practice, enforcement is inconsistent, and many sites deploy fingerprinting without explicit consent notices. Tools like EFF's Cover Your Tracks can test whether a site is fingerprinting you.

What Is Browser Fingerprinting? How Sites Track You Without Cookies — the complete guide to all fingerprinting signals combined into one device identity
What Is Canvas Fingerprinting? How Websites Track You Without Cookies — how GPU rendering differences create a unique identifier from pixel output
What Is WebGL Fingerprinting? How Your GPU Identifies Your Browser — how the 3D graphics API exposes your GPU vendor, model, and driver version
What Is Font Fingerprinting? How Installed Fonts Track You Online — how your installed font list contributes to your overall browser fingerprint